return security_session_user_level(session_info, NULL) == SECURITY_ADMINISTRATOR;
}
+/*
+ * Return ‘true’ if the caller has system access. The ‘acl’ module passes
+ * SYSTEM_CONTROL_STRIP_CRITICAL when it wants to strip the critical flag.
+ */
+bool dsdb_have_system_access(
+ struct ldb_module *module,
+ struct ldb_request *req,
+ const enum system_control_strip_critical strip_critical)
+{
+ struct ldb_control *as_system = NULL;
+
+ as_system = ldb_request_get_control(req, LDB_CONTROL_AS_SYSTEM_OID);
+ if (as_system != NULL) {
+ switch (strip_critical) {
+ case SYSTEM_CONTROL_KEEP_CRITICAL:
+ break;
+ case SYSTEM_CONTROL_STRIP_CRITICAL:
+ as_system->critical = 0;
+ break;
+ }
+
+ return true;
+ }
+
+ return dsdb_module_am_system(module);
+}
+
/*
check if the recyclebin is enabled
*/
struct dom_sid;
struct netlogon_samlogon_response;
+enum system_control_strip_critical {
+ SYSTEM_CONTROL_KEEP_CRITICAL,
+ SYSTEM_CONTROL_STRIP_CRITICAL,
+};
+
#include "librpc/gen_ndr/misc.h"
#include "librpc/gen_ndr/security.h"
#include "dsdb/samdb/ldb_modules/util_proto.h"